Uploaded image for project: 'HttpComponents HttpClient'
  1. HttpComponents HttpClient
  2. HTTPCLIENT-1896

GGSSchemeBase does not support GSS continuation

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 4.5.2
    • Fix Version/s: None
    • Component/s: HttpClient (classic)
    • Labels:
      None
    • Environment:
      IBM Java

      Description

      GGSSchemeBase suppose only one challenge exchange is correct - if server requires continuation (for example when running on IBM java), it is rejected by GGSSchemeBase:

      Authentication already attempted

      This is caused by following part of GGSSchemeBase:

              if (state == State.UNINITIATED) {
                  token = Base64.decodeBase64(challenge.getBytes());
                  state = State.CHALLENGE_RECEIVED;
              } else {
                  log.debug("Authentication already attempted");
                  state = State.FAILED;
              }
      

      This is not sufficient for IBM java, which use workflow:

      C -> S (initial, no negotiate header)
      C <- S (client receive first challenge)
      C -> S (client send first response)
      C <- S (Oracle would already sent OK, but IBM sends second challenge!) <- httpclient fails
      C -> S (client sends second response)
      C <- S (client receive requested page - OK)

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              jkalina Jan Kalina
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: